Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for detecting an unauthorized access point in a wireless communication network, the method comprising: generating, by a processor, a probe identity that is unused in the wireless communication network; informing, by the processor, adopted access points in the communication network of this generated probe identity, and that packets from this generated probe identity should be ignored; broadcasting, by the adopted access points, at least one probe request using the generated probe identity; detecting, by the processor, if there are any probe responses to the at least one probe request, indicating an unauthorized access point; and providing an alert, by the processor, if an unauthorized access point is detected.
2. The method of claim 1 , wherein informing includes a time duration for which the generated probe identity will be valid.
3. The method of claim 1 , wherein broadcasting is performed by all adopted access points on their own respective operating channel in the communication network.
4. The method of claim 3 , wherein broadcasting includes a separate intrusion detector also broadcasting the at least one probe request on all communication network channels.
5. The method of claim 1 , wherein informing includes informing the adopted access points in the communication network that packets from a probe request with a Service Set Identifier (SSID) set as NULL should be ignored, and wherein broadcasting includes broadcasting a probe request with the SSID set as NULL, whereupon the adopted access points in the communication network ignore the probe request.
6. The method of claim 1 , wherein informing includes informing the adopted access points in the communication network that packets from a probe request with specific Service Set Identifiers (SSIDs) configured on the adopted access ports should be ignored, and wherein broadcasting includes broadcasting a probe request with one of the specific SSIDs that are configured on adopted access ports, whereupon the adopted access points in the communication network ignore the probe request.
7. The method of claim 1 , wherein informing includes informing the adopted access points in the communication network that packets from a probe request with a Service Set Identifier (SSID) set as NULL and specific Service Set Identifiers (SSIDs) configured on the adopted access ports should be ignored, and wherein broadcasting includes broadcasting a first probe request with the SSID set as NULL and a second probe request with one of the specific SSIDs that are configured on adopted access ports, whereupon the adopted access points in the communication network ignore the probe requests.
8. The method of claim 1 , further comprising: checking whether the probe response has a known MAC address, and providing an alert of unauthorized spoofing of an access point.
9. The method of claim 1 , further comprising: checking whether the probe response has a known SSID, and providing an alert of an unauthorized access point if the probe response has an unknown SSID, and providing an alert of a rogue access point if the probe response has a known SSID.
10. A controller for detecting an unauthorized access point in a wireless communication network, the controller comprising: a processor operable to generate a probe identity that is unused in the wireless communication network, inform adopted access points in the communication network of this generated probe identity, and that packets from this generated probe identity should be ignored, direct the adopted access points to broadcast at least one probe request using the generated probe identity, detect if there are any probe responses to the at least one probe request, indicating an unauthorized access point, and provide an alert if an unauthorized access point is detected.
11. The controller of claim 10 , wherein the processor will inform the adopted access points of a time duration for which the generated probe identity will be valid.
12. The controller of claim 10 , wherein the generated probe identity is an interface MAC address known by the controller as not being authorized for use by access points.
13. The controller of claim 12 , further comprising a separate intrusion detector also directed by the processor to broadcast the at least one probe request on all communication network channels.
14. The controller of claim 10 , wherein adopted access points in the communication network are informed that packets from a probe request with a Service Set Identifier (SSID) set as NULL should be ignored, and wherein a first probe request includes the SSID set as NULL, whereupon the adopted access points in the communication network ignore the probe request.
15. The controller of claim 10 , wherein the adopted access points in the communication network are informed that packets from a probe request with specific Service Set Identifiers (SSIDs) configured on the adopted access ports should be ignored, and wherein a second probe request includes one of the specific SSIDs that are configured on the adopted access ports, whereupon the adopted access points in the communication network ignore the probe request.
16. The controller of claim 10 , wherein the adopted access points in the communication network are informed that packets from a probe request with a Service Set Identifier (SSID) set as NULL and specific Service Set Identifiers (SSIDs) configured on the adopted access ports should be ignored, and wherein the at least one probe request includes a first probe request with a the SSID set as NULL and a second probe request with one of the specific SSIDs that are configured on adopted access ports, whereupon the adopted access points in the communication network ignore the probe requests.
17. The controller of claim 10 , wherein the processor is further operable to check whether the probe response has a known MAC address, and provide an alert of unauthorized spoofing of an access point.
18. The controller of claim 10 , wherein the processor is further operable to check whether the probe response has a known SSID, and provide an alert of an unauthorized access point if the probe response has an unknown SSID, and provide an alert of a rogue access point if the probe response has a known SSID.
19. A controller for detecting an unauthorized access point in a wireless communication network, the controller comprising: a processor operable to generate a probe identity that is unused in the wireless communication network, inform adopted access points in the communication network of this generated probe identity and that packets from a probe request with a Service Set Identifier (SSID) set as NULL and specific Service Set Identifiers (SSIDs) configured on the adopted access ports should be ignored, and that packets from this generated probe identity, probe requests with the SSID set as NULL, and probe requests with one of the specific SSIDs that are configured on adopted access ports should be ignored, direct the adopted access points to broadcast a first probe request using the generated probe identity and that includes the SSID set as NULL and a second probe request using the generated probe identity and that includes one of the specific SSIDs that are configured on the adopted access ports, whereupon the adopted access points in the communication network ignore the probe requests, detect if there are any probe responses to the at least one probe request, indicating an unauthorized access point, and provide an alert if an unauthorized access point is detected.
20. The controller of claim 10 , wherein the processor is further operable to check whether the probe response has a known MAC address, and provide an alert of unauthorized spoofing of an access point, check whether the probe response has a known SSID, and provide an alert of an unauthorized access point if the probe response has an unknown SSID, and provide an alert of a rogue access point if the probe response has a known SSID.
Unknown
July 23, 2013
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.